OpenSSL RAND_bytes algorithm

Published 2019-05-10 10:13

Question:

What algorithm does the RAND_bytes function use in OpenSSL?

Answer 1:

OpenSSL can load and run different random-number engines, and is not limited to a single implementation. RAND_bytes is implemented in crypto/rand/rand_lib.c, and it gets a function pointer to the concrete RNG implementation by calling the function RAND_get_rand_method() in the same file.

So assuming you haven't loaded a new RNG engine, OpenSSL will pick one of the following:

  1. By default it chooses RAND_SSLeay(), implemented in crypto/rand/md_rand.c, which ultimately calls ssleay_rand_bytes(). I don't think it really has a name, and the randomness ultimately comes from the message digest (MD_Update).

  2. If you are running the 1.0 FIPS module in FIPS mode, you get an ANSI X9.31 RNG, which uses either 3DES or AES at its core. (Note that ANSI X9.31 is no longer allowed in FIPS 140-2.)

  3. If you are running the 2.0 FIPS module in FIPS mode, you get an SP 800-90A Deterministic Random Bit Generator (DRBG).